ClawHub

OpenClaw Multi-Agent System

Security checks across malware telemetry and agentic risk

Overview

This is a transparent setup guide for Telegram multi-agent bots, with sensitive but purpose-aligned access that users should configure carefully.

Install only if you intentionally want multiple Telegram bots in a trusted group and are comfortable with shared workspace plus shared MemOS memory. Use dedicated bots, keep bot tokens out of chats and shared files, restrict access to ~/.openclaw/openclaw.json, use Telegram group allowlists, tell group members bots may read messages, and avoid sending secrets in that group.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The guide explicitly tells operators to disable Telegram bot privacy for every child bot, which grants each bot visibility into all group messages. In a multi-agent setup with shared workspace and shared memory, this substantially broadens collection and propagation of group content beyond the minimum needed for many tasks, increasing surveillance, privacy, and data-leak risks.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The skill directs users to obtain and handle multiple Telegram bot tokens without any guidance on secure storage, redaction, rotation, or least-privilege handling. Because bot tokens are bearer credentials, exposing them in chat, logs, files, or shared workspaces can enable bot takeover and unauthorized message access.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README explicitly instructs operators to disable Telegram bot privacy mode for every child bot, which expands each bot's visibility from addressed/command messages to potentially all group traffic. In a multi-agent design with shared workspace and shared memory, this increases the chance that unrelated group content, sensitive data, or private discussions are ingested, persisted, and propagated across agents without clear consent or minimization guidance.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The guide asks for sensitive bot tokens and user/group identifiers but does not warn that these values are security- and privacy-sensitive. In a collaborative agent environment with shared workspace and memory, collecting such data without safeguards raises the risk of credential leakage, unauthorized access, and persistent exposure across agents.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The instruction to disable Telegram bot privacy mode is given as a required step without clearly stating that bots will then gain access to all group messages they can observe. In a multi-agent, shared-memory design, that missing warning materially increases the chance that operators will unknowingly deploy broad message collection and redistribution.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal